Everything posted by takaemzz

  1. Greetings, I'm from Indonesia, and feeling sorry if my English is not good. Hehe. Tomorrow my CPU usage became 100% immediately. The problem is a coin miner. Anyone, please help me. I don't understand any malware problems. Here's the log:
  2. feel fun and got moral I think